
FusionAuth 1.10 Remote Command Execution

Posted on 28 January 2020

FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with sufficient privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker expression language.
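For applications that render user-editable FreeMarker templates, the general hardening for this class of issue is to restrict what a template may instantiate. The following is an added example, not FusionAuth's code or its actual fix; the class name `HardenedTemplateRenderer`, the method names and the sample template are assumptions made for illustration.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import freemarker.template.TemplateExceptionHandler;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collections;

// Hypothetical class name; generic FreeMarker hardening, not FusionAuth's own code.
public class HardenedTemplateRenderer {

    // Configuration for templates that dashboard users are allowed to edit.
    static Configuration hardenedConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_29);
        // The default is UNRESTRICTED_RESOLVER, which lets the ?new built-in
        // instantiate classes that implement TemplateModel. Allow none.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // Keep ?api disabled (the default) so templates cannot reach the Java
        // API of objects placed in the data model.
        cfg.setAPIBuiltinEnabled(false);
        // Rethrow errors instead of writing debug details into the output.
        cfg.setTemplateExceptionHandler(TemplateExceptionHandler.RETHROW_HANDLER);
        return cfg;
    }

    // Render user-supplied template text with the hardened configuration.
    static String render(Configuration cfg, String source, Object model)
            throws IOException, TemplateException {
        Template template = new Template("user-edited", new StringReader(source), cfg);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        Configuration cfg = hardenedConfiguration();
        // Constructed sample: asks ?new for a harmless FreeMarker class.
        String sample = "${\"freemarker.template.SimpleScalar\"?new(\"x\")}";
        try {
            System.out.println(render(cfg, sample, Collections.emptyMap()));
        } catch (TemplateException e) {
            // The resolver refuses the instantiation, so rendering fails here.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Restricting the resolver limits what a template can do once someone can edit it; access to the template editing functions should still be granted only to trusted administrators.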

 
